On Sat, Apr 27, 2002 at 01:10:03PM +0200, [EMAIL PROTECTED] wrote:
> I wrote a very small SSL client server application.
> In writing it I never used any function to create entropy to seed
> the PRNG after SSL_library_init().
> Is a seeding action required or is it done automatically by the SSL
> framework?

An OpenSSL server only generates secret keys when using DH ciphers.
OpenSSL does contact /dev/urandom on Linux, so if you are running Linux,
you don't have to care much (even though you should be aware that only
the minimum amount required for one secret key is requested).
If you are running on another platform, or when the server must serve
several connections, it is recommended to add seed from the application's
side (and maybe reseed in between).

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
